class LoginController < ApplicationController
  
  before_filter :authorize, :except => :login
  
  layout "admin"
  
  def add_user
    user = User.find(session[:user_id])
    if user.name != 'admin'
      redirect_to(:controller => "login", :action => "login")
    else
      @user = User.new(params[:user])
      if request.post? and @user.save
        flash.now[:notice] = "User #{@user.name} created"
        @user = User.new
      end
    end
  end
  
  
  def login
    session[:user_id] = nil
    if request.post?
      user = User.authenticate(params[:name], params[:password])
      if user
        session[:user_id] = user.id
        redirect_to(:controller => "bids")
      else
        flash[:notice] = "Invalid user/password combination"
      end
    end 
  end
  
  def logout
    session[:user_id] = nil
    flash[:notice] = "Logged out"
    redirect_to(:controller => "login", :action => "login")
  end
  
  def index
  end
  
  
  def list_users
    user = User.find(session[:user_id])
    if user.name != 'admin'
      redirect_to(:controller => "login", :action => "login")
    else
      @all_users = User.find(:all)
    end
  end
  
  
  
  
end
